By: Heather “Mo” Williams, Solution Engineer for Global Field Sales Enablement
The exploit is called KRACK, and details about this vulnerability have been published, in true white-hat fashion, by the imec-DistriNet research group of KU Leuven. Mathy Vanhoef and his team have identified as many as ten vulnerabilities in the WPA and WPA2 protocols, which secure all modern protected Wi-Fi networks. These vulnerabilities were academically well-researched and responsibly reported in a manner that allowed the industry to proactively prepare updates.
Go to the Ruckus support site to learn about Ruckus’ counter-measures.
Broadly, the exploit deals with how the WPA/WPA2 protocol handles requests to reinstall the encryption keys used to encrypt and decrypt traffic between a wireless client and an AP. The vulnerabilities fall into two groups. The first set may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. A transient key is derived as part of the encryption of an individual client session. It is not the PSK or a user credential; it is a temporary key that is different for every client and every session.
The second set of vulnerabilities may affect wireless supplicants supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. This could also allow the reinstallation of a pairwise key, group key, or integrity group key.
If a compromised key is installed (via a reinstallation procedure), an attacker can theoretically decrypt the transmissions between a client and an AP. Note, however, that each wireless client creates different temporary encryption keys that it uses with an AP, so this is not a global attack; it targets a specific device. These vulnerabilities also deal only with the encryption of data using transient keys that are derived as part of the WPA2 protocol for each session. Those keys are not the same as passwords or any other kind of credentials, such as certificates.
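The reinstallation problem described above, as a toy model added here (not Ruckus or researcher code): installing a key also resets the per-key packet number used as the encryption nonce, a detail from the published research rather than from this post, so a replayed handshake message 3 makes an unpatched client reuse nonces under the same key, while a patched client ignores the reinstall. The `Supplicant` class, its method names and the sample key are hypothetical.

```python
from collections import Counter


class Supplicant:
    """Toy model of a client's key-install step (constructed; not real 802.11 code)."""

    def __init__(self, patched):
        self.patched = patched
        self.ptk = None    # currently installed pairwise transient key
        self.tx_pn = 0     # per-key packet number, used as the nonce
        self.sent = []     # (key, packet number) of every frame sent

    def on_msg3(self, ptk):
        """Handle message 3 of the 4-way handshake, including retransmissions."""
        if self.patched and ptk == self.ptk:
            return "ignored-reinstall"   # same key already in use: keep counters
        self.ptk = ptk
        self.tx_pn = 0                   # installing a key resets the packet number
        return "installed"

    def send_frame(self):
        self.tx_pn += 1
        self.sent.append((self.ptk, self.tx_pn))


def reused_nonces(patched, frames_between=3):
    """Replay message 3 once mid-session; return the (key, pn) pairs used twice."""
    sta = Supplicant(patched)
    ptk = b"session-ptk-constructed"     # constructed sample key
    sta.on_msg3(ptk)
    for _ in range(frames_between):
        sta.send_frame()
    sta.on_msg3(ptk)                     # retransmitted message 3, same key
    for _ in range(frames_between):
        sta.send_frame()
    counts = Counter(sta.sent)
    return sorted(pair for pair, n in counts.items() if n > 1)


if __name__ == "__main__":
    print("unpatched:", reused_nonces(patched=False))
    print("patched:  ", reused_nonces(patched=True))
```

The same check applies on the AP side, which is why both ends of the handshake need the fix.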
What does this mean for you?
- Don’t panic. No, you do not need to shut down your Wi-Fi network. The Internet did not suffer the equivalent of an EMP attack.
- Vulnerabilities exist on both sides of the 4-way handshake relationship (client and AP) and both sides need to be patched.
- Microsoft, Apple, Google, Intel, and other major vendors have been working on fixing these vulnerabilities for a few months now.
- Until client vendors provide updates, disabling 802.11r can …